Bug 47598 - Slave fails to join - ldap/data.mdb missing
Slave fails to join - ldap/data.mdb missing
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on: 41782 47603
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-16 14:01 CEST by Philipp Hahn
Modified: 2020-07-03 20:53 CEST (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.171
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018080921000496
Bug group (optional): Troubleshooting
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-08-16 14:01:20 CEST
+++ This bug was initially created as a clone of Bug #41782 +++
A customer tried to join a new UCS Slave, but the local LDAP server does not get started.
Both
> slaptest -f /etc/ldap/slapd.conf
and
> slapschema -f /etc/ldap/slapd.conf
error out with
> mdb_db_open: database "dc=im,dc=dew,dc=ngo" cannot be opened: No such file or directory (2). Restore from backup!
which indicates that /var/lib/univention-ldap/ldap/data.mdb is missing.

On the DC Master that file is supposed to be created by management/univention-ldap/01univention-ldap-server-init.inst, on all other system roles I found no explicit `slapadd` except in "base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/14ldap_basis".

If I manually start
> slapd -f /etc/ldap/slapd.conf -d 1
the missing file is created and afterwards `slaptest` and `slapschema` run fine.

For some yet unknown reason starting the LDAP server slapd seems to fail; I checked the init script and it only runs "slapschema" *after* slapd has been started, but maybe something other prevents the slapd from starting.

$ journalctl -u slapd.service
shows the following interesting events:

First Bug #41782 hits:
>15:26:06 slapd[9469]: Starting ldap server(s): slapd ...failed.
>15:26:06 slapd[9469]: ... 5b7186ee /etc/ldap/slapd.conf: line 118: unknown attr "@univentionVirtualMachine" in to clause ...
>15:26:06 systemd[1]: slapd.service: control process exited, code=exited status=1

The the subsequent start fails because the LMDB files are missing:
>15:26:09 slapd[9546]: Starting ldap server(s): slapd ...failed.
>15:26:09 slapd[9546]: ... 5b7186f1 mdb_db_open: database "dc=im,dc=dew,dc=ngo" cannot be opened: No such file or directory (2). Restore from backup! ...
>15:26:09 systemd[1]: slapd.service: control process exited, code=exited status=1

But I have no idea why that process does not create the missing file itself.
Comment 1 Philipp Hahn univentionstaff 2018-08-17 11:50:51 CEST
slapd failed to start because the client TLS certificate was empty (0 bytes).

Creating certificates on the master failed because of an empty /etc/univention/ssl/ucsCA/serial file (reason unknown)

Afterwards the join failed again because the first start of slapd tried to apply the /var/lib/univention-directory-replication/failed.ldif from the previous run. (→ Bug #47603)
Comment 2 Ingo Steuwer univentionstaff 2020-07-03 20:53:24 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.